[PATCH 5/8] server: Notify client about freed object so that it may free associated kernel object.
Derek Lesho
dereklesho52 at gmail.com
Fri Mar 15 14:43:11 CDT 2019
Ah, I see. Wouldn't it be cleaner to put a whitelist inside of
device.c and see if the incoming object type is on that whitelist?
This seems like it would be a more self-contained solution to the
problem.
On Fri, Mar 15, 2019 at 2:32 PM Jacek Caban <jacek at codeweavers.com> wrote:
>
> Hi Derek,
>
> On 3/15/19 6:15 PM, Derek Lesho wrote:
> > I am also curious about something, what was wrong w/ the old
> > infrastructure where the object structure held the list to
> > kernel_objects?
>
>
> It's mostly about safety. Note that server does not trust clients to be
> sane, even if the client is a kernel in Windows sense. The patchset
> allowed storing a reference to an arbitrary handle-accessible object.
> Although from object's perspective it mostly behaves like yet another
> handle, it's not exactly the same (otherwise it wouldn't make sense to
> introduce it). There are some corner cases where kernel process could
> harm wineserver if it's not treated with care. For example it could try
> store a reference to device manager (something Windows application would
> not do since there is no such thing as server device manager handle on
> Windows), which would cause circular dependency and a leak. In previous
> patchset I tried to catch such cases. Avoiding the above needed a
> special case, which wasn't really nice. Allowing references on only
> explicitly whitelisted object types solves the problem.
>
>
> Jacek
>
More information about the wine-devel
mailing list